The security of computing resources and associated data is of high importance in many contexts. As an example, organizations often utilize networks of computing devices to provide a robust set of services to their users. Networks often span multiple geographic boundaries and often connect with other networks. An organization, for example, may support its operations using both internal networks of computing resources and computing resources managed by others. Computers of the organization, for instance, may communicate with computers of other organizations to access and/or provide data while using services of another organization. In many instances, organizations configure and operate remote networks using hardware managed by other organizations, thereby reducing infrastructure costs and achieving other advantages. With such configurations of computing resources, ensuring that access to the resources and the data they hold is secure can be challenging, especially as the size and complexity of such configurations grow.
Encryption, for example, is used extensively for the purpose of preventing unauthorized access to data. Generally, a cryptographic key is used to reversibly transform data to a state where information is both computationally and humanly unascertainable without access to the cryptographic key or without extraordinary measures (e.g., a cryptographic attack). While encryption is generally effective, without proper care being taken, the benefits of encryption can be degraded. In some examples, proper care to maintain data security requires rotation of cryptographic keys so that a single cryptographic key is not used so many times that an analysis of ciphertexts generated under the cryptographic key provides significant information usable to determine the cryptographic key. However, in many systems, tracking how many encryption operations have been performed can be challenging. For example, a distributed computer system may have multiple nodes that each performs operations with a cryptographic key. In such a system, tracking how many encryption operations each node has performed so that the aggregate number of encryption operations under the same key remains at an acceptable level can be complex, especially when the rate of performance of the encryption operations can vary widely among the nodes. One way of preventing too many encryption operations from being performed under the same cryptographic key in a distributed system is to rotate the cryptographic key before any node in the distributed system has the opportunity to cause a limit on the number of encryption operations to be exceeded. Techniques that utilize this approach can result in underutilization of the cryptographic key since key rotation will typically occur before the limit is exhausted.